FIPS 140-2 Certification

Hi Does anyone here knows 1) Which versions of Open SSL are FIPS 140-2 certified on Linux? Which versions of Linux? 2) Which versions of Open SSL are FIPS 140-2 certified on Windows? Which versions of Windows? Thanks Erez Pasternak

Re: FIPS 140-2 Certification

Erez Pasternak wrote: Hi Does anyone here knows 1) Which versions of Open SSL are FIPS 140-2 certified on Linux? Which versions of Linux? 2) Which versions of Open SSL are FIPS 140-2 certified on Windows? Which versions of Windows? Thanks Erez Pasternak There is currently only

RE: FIPS 140-2 certification

testing is about $50,000. Chris Brook -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ben Laurie Sent: Saturday, September 28, 2002 7:33 AM To: [EMAIL PROTECTED] Subject: Re: FIPS 140-2 certification Nathan Bardsley wrote: Hello everyone! I work

Re: FIPS 140-2 certification

On Mon, Sep 30, 2002 at 10:01:35AM -0500, Ben Lindstrom wrote: As I say before.. Don't know about OpenSSL group, but I believe the slogan for the OpenSSH group is. Show me the patch. Perferable one patch per logical fix/patch. So it is easier for us to decide which ones we

RE: FIPS 140-2 certification

I'm surprised that you are using IRIX. I would not have thought IRIX would have gotten FIPS rating. AIX or Solaris Trusted would not have surprised me. Guess I'll have to have a chat with a buddy over there. =) See http://niap.nist.gov/cc-scheme/CCEVS-CC-VID401-SGI_IRIX.html for

RE: FIPS 140-2 certification

As I say before.. Don't know about OpenSSL group, but I believe the slogan for the OpenSSH group is. Show me the patch. Perferable one patch per logical fix/patch. So it is easier for us to decide which ones we like or don't like. No one has said.. F*ck off =) Just me asking

Re: FIPS 140-2 certification

Nathan Bardsley wrote: Hello everyone! I work for a company that uses OpenSSH/OpenSSL to remotely support systems we've sold. Since some of our clients are US Dept. of Defense hospitals, our access to these servers needs to comply with a whole range of requirements and standards. At

Re: FIPS 140-2 certification

On Fri, 27 Sep 2002, Nathan Bardsley wrote: Ben Lindstrom wrote: Where are theses 'DIPS 140-2' requirements? If they are anything like the other military requirements they are impratical and insane (yes I've had some time in the area. Not my idea of fun =). This:

Re: FIPS 140-2 certification

On Fri, Sep 27, 2002 at 07:10:18PM -0500, Ben Lindstrom wrote: FIPS 140 is linked to C2 security from the looks of it. And from my skimming it looks like OpenSSL would need to get NIST approval for their general crypto, their digital signatures, and more than likely thier MAC code. FIPS

FIPS 140-2 certification

Hello everyone! I work for a company that uses OpenSSH/OpenSSL to remotely support systems we've sold. Since some of our clients are US Dept. of Defense hospitals, our access to these servers needs to comply with a whole range of requirements and standards. At this point it's looking like

Re: FIPS 140-2 certification

Ben Lindstrom wrote: Where are theses 'DIPS 140-2' requirements? If they are anything like the other military requirements they are impratical and insane (yes I've had some time in the area. Not my idea of fun =). This: http://csrc.nist.gov/cryptval/ is the URL at NIST, I'm just getting

Re: FIPS 140-2 certification

The other option is for CliniComp to sponser getting OpenSSH/OpenSSL through the certification process, and that's what I'm exploring. If you look through the complete list, you'll see there's a vendor who had an openssl software solution certified, but that it's not commercially available.